mikemrm/ks-esxi.cfg

## ks-esxi.cfg
# Accept the VMware End User License Agreement
vmaccepteula
# Set the root password for the DCUI and Tech Support Mode
rootpw --iscrypted $6$xSOpfz11kKe.namH$RbbGJOczPR/k17lPmotNf0cFrmYD7ooWcCuA7/f4xp4Y80g1NvpWJ.UvTvkagmjYmha3xJdEtIxTMWCTaNMf21
# The install media is in the CD-ROM drive
install --firstdisk=lsi_mr3,lsi_msgpt3,vmw_ahci --overwritevmfs
# Set the network to DHCP on the proper network adapter based on its type
network --bootproto=dhcp --device=ec:0d:9a:ca:69:e4
reboot

%firstboot --interpreter=busybox
# Fetch packet MD
wget http://metadata.packet.net/metadata -O /tmp/metadata
uuid=$(cat /tmp/metadata | python -c "import sys, json; print(json.load(sys.stdin)['id'])")
hostname=$(cat /tmp/metadata | python -c "import sys, json; print(json.load(sys.stdin)['hostname'])")
# Set hostname
esxcli system hostname set --fqdn=$hostname
# Enable shell
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell
# Add private network interface
esxcli network vswitch standard portgroup add --portgroup-name='Private Network' --vswitch-name=vSwitch0
esxcli network ip interface add --interface-name=vmk1 --portgroup-name='Private Network'
# Set the iSCSI IQN
iqn=$(cat /tmp/metadata | python -c "import sys, json; print(json.load(sys.stdin)['iqn'])")
esxcli iscsi software set --enabled=true
esxcli iscsi adapter set -A vmhba64 -n $iqn
esxcli iscsi networkportal add -n vmk1 -A vmhba64
# Configure IP addresses statically from metadata using python
cat >> /tmp/netcfg.py <<EOF
import sys
import json
import subprocess

def exec(cmd):
  print(cmd + "\n")
  subprocess.call(cmd, shell=True)

with open('/tmp/metadata', 'r') as json_file:
  packet_metadata = json.load(json_file)

for addr in packet_metadata['network']['addresses']:
  if addr['public'] == True:
    interface = "vmk0"
  else:
    interface = "vmk1"
  if addr['address_family'] == 4:
    if interface == "vmk1":
      exec("esxcli network ip interface ipv4 set -i " + interface + " -t static -I " + addr['address'] + " -N " + addr['netmask'])
      exec("esxcli network ip route ipv4 add --gateway " + addr['gateway'] + " --network 10.0.0.0/8")
    else:
      exec("esxcli network ip interface ipv4 set -i " + interface + " -t static -I " + addr['address'] + " -N " + addr['netmask'] + " -g " + addr['gateway'])
  elif addr['address_family'] == 6:
    exec("esxcli network ip interface ipv6 set -i " + interface + " -e true")
    exec("esxcli network ip interface ipv6 address add -i " + interface + " -I " + addr['address'] + "/" + str(addr['cidr']))
    exec("esxcli network ip interface ipv6 set -i " + interface + " -g " + addr['gateway'])
  else:
    print("Skipping unknown address_family [" + addr['address_family'] +"]\n")
EOF
python /tmp/netcfg.py
# Setup public SSH key auth for root
wget http://metadata.packet.net/2009-04-04/meta-data/public-keys -O /etc/ssh/keys-root/authorized_keys
# Disable SSH password auth and force public key auth
echo 'ChallengeResponseAuthentication no' >> /etc/ssh/sshd_config
# Enable ssh
vim-cmd hostsvc/enable_ssh
# Ensure serial port is activated
esxcli system settings kernel set -s logPort -v none
esxcli system settings kernel set -s gdbPort -v none
esxcli system settings kernel set -s tty2Port -v com2
# Phone home to Packet for device activation
echo "Tinkerbell: 147.75.200.3" > /tmp/firstboot-packet.log
echo "UUID: $uuid" >> /tmp/firstboot-packet.log
BODY='{"instance_id":"$uuid"}'
BODY_LEN=$( echo -n ${BODY} | wc -c )
echo -ne "POST /phone-home HTTP/1.0\r\nHost: 147.75.200.3\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}" | nc -i 3 147.75.200.3 80 > /tmp/firstboot-phone-home.log
reboot

%post --interpreter=busybox
esxcli system settings kernel set -s logPort -v none
esxcli system settings kernel set -s gdbPort -v none
esxcli system settings kernel set -s tty2Port -v com2
echo "nameserver 147.75.207.207" > /etc/resolv.conf
sleep 20
echo "Tinkerbell: 147.75.200.3" > /tmp/post-packet.log
BODY='{"type":"provisioning.109"}'
BODY_LEN=$( echo -n ${BODY} | wc -c )
echo -ne "POST /phone-home HTTP/1.0\r\nHost: 147.75.200.3\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}" | nc -i 3 147.75.200.3 80 > /tmp/post-phone-home.log

%pre --interpreter=busybox
BOOTOPTIONS=$(/sbin/bootOption -o)
echo $BOOTOPTIONS > /cmdline-bootoption
echo $BOOTOPTIONS > /tmp/pre-bootoptions
	# Accept the VMware End User License Agreement
	vmaccepteula
	# Set the root password for the DCUI and Tech Support Mode
	rootpw --iscrypted $6$xSOpfz11kKe.namH$RbbGJOczPR/k17lPmotNf0cFrmYD7ooWcCuA7/f4xp4Y80g1NvpWJ.UvTvkagmjYmha3xJdEtIxTMWCTaNMf21
	# The install media is in the CD-ROM drive
	install --firstdisk=lsi_mr3,lsi_msgpt3,vmw_ahci --overwritevmfs
	# Set the network to DHCP on the proper network adapter based on its type
	network --bootproto=dhcp --device=ec:0d:9a:ca:69:e4
	reboot

	%firstboot --interpreter=busybox
	# Fetch packet MD
	wget http://metadata.packet.net/metadata -O /tmp/metadata
	uuid=$(cat /tmp/metadata \| python -c "import sys, json; print(json.load(sys.stdin)['id'])")
	hostname=$(cat /tmp/metadata \| python -c "import sys, json; print(json.load(sys.stdin)['hostname'])")
	# Set hostname
	esxcli system hostname set --fqdn=$hostname
	# Enable shell
	vim-cmd hostsvc/enable_esx_shell
	vim-cmd hostsvc/start_esx_shell
	# Add private network interface
	esxcli network vswitch standard portgroup add --portgroup-name='Private Network' --vswitch-name=vSwitch0
	esxcli network ip interface add --interface-name=vmk1 --portgroup-name='Private Network'
	# Set the iSCSI IQN
	iqn=$(cat /tmp/metadata \| python -c "import sys, json; print(json.load(sys.stdin)['iqn'])")
	esxcli iscsi software set --enabled=true
	esxcli iscsi adapter set -A vmhba64 -n $iqn
	esxcli iscsi networkportal add -n vmk1 -A vmhba64
	# Configure IP addresses statically from metadata using python
	cat >> /tmp/netcfg.py <<EOF
	import sys
	import json
	import subprocess

	def exec(cmd):
	print(cmd + "\n")
	subprocess.call(cmd, shell=True)

	with open('/tmp/metadata', 'r') as json_file:
	packet_metadata = json.load(json_file)

	for addr in packet_metadata['network']['addresses']:
	if addr['public'] == True:
	interface = "vmk0"
	else:
	interface = "vmk1"
	if addr['address_family'] == 4:
	if interface == "vmk1":
	exec("esxcli network ip interface ipv4 set -i " + interface + " -t static -I " + addr['address'] + " -N " + addr['netmask'])
	exec("esxcli network ip route ipv4 add --gateway " + addr['gateway'] + " --network 10.0.0.0/8")
	else:
	exec("esxcli network ip interface ipv4 set -i " + interface + " -t static -I " + addr['address'] + " -N " + addr['netmask'] + " -g " + addr['gateway'])
	elif addr['address_family'] == 6:
	exec("esxcli network ip interface ipv6 set -i " + interface + " -e true")
	exec("esxcli network ip interface ipv6 address add -i " + interface + " -I " + addr['address'] + "/" + str(addr['cidr']))
	exec("esxcli network ip interface ipv6 set -i " + interface + " -g " + addr['gateway'])
	else:
	print("Skipping unknown address_family [" + addr['address_family'] +"]\n")
	EOF
	python /tmp/netcfg.py
	# Setup public SSH key auth for root
	wget http://metadata.packet.net/2009-04-04/meta-data/public-keys -O /etc/ssh/keys-root/authorized_keys
	# Disable SSH password auth and force public key auth
	echo 'ChallengeResponseAuthentication no' >> /etc/ssh/sshd_config
	# Enable ssh
	vim-cmd hostsvc/enable_ssh
	# Ensure serial port is activated
	esxcli system settings kernel set -s logPort -v none
	esxcli system settings kernel set -s gdbPort -v none
	esxcli system settings kernel set -s tty2Port -v com2
	# Phone home to Packet for device activation
	echo "Tinkerbell: 147.75.200.3" > /tmp/firstboot-packet.log
	echo "UUID: $uuid" >> /tmp/firstboot-packet.log
	BODY='{"instance_id":"$uuid"}'
	BODY_LEN=$( echo -n ${BODY} \| wc -c )
	echo -ne "POST /phone-home HTTP/1.0\r\nHost: 147.75.200.3\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}" \| nc -i 3 147.75.200.3 80 > /tmp/firstboot-phone-home.log
	reboot

	%post --interpreter=busybox
	esxcli system settings kernel set -s logPort -v none
	esxcli system settings kernel set -s gdbPort -v none
	esxcli system settings kernel set -s tty2Port -v com2
	echo "nameserver 147.75.207.207" > /etc/resolv.conf
	sleep 20
	echo "Tinkerbell: 147.75.200.3" > /tmp/post-packet.log
	BODY='{"type":"provisioning.109"}'
	BODY_LEN=$( echo -n ${BODY} \| wc -c )
	echo -ne "POST /phone-home HTTP/1.0\r\nHost: 147.75.200.3\r\nContent-Type: application/json\r\nContent-Length: ${BODY_LEN}\r\n\r\n${BODY}" \| nc -i 3 147.75.200.3 80 > /tmp/post-phone-home.log

	%pre --interpreter=busybox
	BOOTOPTIONS=$(/sbin/bootOption -o)
	echo $BOOTOPTIONS > /cmdline-bootoption
	echo $BOOTOPTIONS > /tmp/pre-bootoptions